Interface DtlsConnection.AcceptCertificateCallback

All Superinterfaces:
FunctionPointer
Enclosing interface:
DtlsConnection
Functional Interface:
This is a functional interface and can therefore be used as the assignment target for a lambda expression or method reference.
@FunctionalInterface public static interface DtlsConnection.AcceptCertificateCallback extends FunctionPointer

Functional interface declaration of the AcceptCertificateCallback callback.

Since:
2.48
See Also:

  • Method Details

    • run

      boolean run(@Nullable TlsCertificate peerCert, Set<TlsCertificateFlags> errors)

      Emitted during the TLS handshake after the peer certificate has been received. You can examine peerCert's certification path by calling g_tls_certificate_get_issuer() on it.

      For a client-side connection, peerCert is the server's certificate, and the signal will only be emitted if the certificate was not acceptable according to conn's GDtlsClientConnection:validation_flags. If you would like the certificate to be accepted despite errors, return true from the signal handler. Otherwise, if no handler accepts the certificate, the handshake will fail with TlsError.BAD_CERTIFICATE.

      GLib guarantees that if certificate verification fails, this signal will be emitted with at least one error will be set in errors, but it does not guarantee that all possible errors will be set. Accordingly, you may not safely decide to ignore any particular type of error. For example, it would be incorrect to ignore TlsCertificateFlags.EXPIRED if you want to allow expired certificates, because this could potentially be the only error flag set even if other problems exist with the certificate.

      For a server-side connection, peerCert is the certificate presented by the client, if this was requested via the server's GDtlsServerConnection:authentication_mode. On the server side, the signal is always emitted when the client presents a certificate, and the certificate will only be accepted if a handler returns true.

      Note that if this signal is emitted as part of asynchronous I/O in the main thread, then you should not attempt to interact with the user before returning from the signal handler. If you want to let the user decide whether or not to accept the certificate, you would have to return false from the signal handler on the first attempt, and then after the connection attempt returns a TlsError.BAD_CERTIFICATE, you can interact with the user, and if the user decides to accept the certificate, remember that fact, create a new connection, and return true from the signal handler the next time.

      If you are doing I/O in another thread, you do not need to worry about this, and can simply block in the signal handler until the UI thread returns an answer.

      Since:
      2.48

    • upcall

      default int upcall(MemorySegment sourceDtlsConnection, MemorySegment peerCert, int errors)
      The upcall method is called from native code. The parameters are marshaled and run(TlsCertificate, Set) is executed.

    • toCallback

      default MemorySegment toCallback(Arena arena)
      Creates a native function pointer to the upcall(MemorySegment, MemorySegment, int) method.
      Specified by:
      toCallback in interface FunctionPointer
      Parameters:
      arena - the arena in which the function pointer is allocated
      Returns:
      the native function pointer